Cloudflare Developers
Created by SajidBanday on 1/17/2025 in #general-help
Issue with WAF Rule Updates Not Reflecting for Same Connection After IP Blocklist Changes
Hi everyone, I'm encountering an issue with Cloudflare's WAF rules not being applied after updating the IP blocklist via the Cloudflare API. When I update the blocklist, requests from the blocked IPs are still reaching my service, even though the blocklist has been updated.

If I use the Connection: close header or stop and restart the client, the traffic gets blocked as expected. However, this approach isn't feasible in production, as I need the blocklist updates to take effect immediately without requiring the client to restart or close connections.

Details: I'm updating the IP blocklist via the Cloudflare API, but the changes aren't reflected in requests from the same connection. It seems like Cloudflare is reusing the same connection, which causes the updated WAF rules to not apply until a new connection is established.

Has anyone encountered this issue before? Is there a way to force Cloudflare to apply the updated WAF rules to existing connections, or a way to ensure that the IP blocklist is enforced without waiting for connection resets?
2 replies